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— The MAILING DATE of this communication appears on the cover sheet with the correspondence address— 

All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1 .313 and MPEP 1308. 

1 . This communication is responsive to 7/21/10 . 

2. ^ The allowed claim(s) is/are 1-75 . 

3. D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a) □ All b)DSome* c) □ None of the: 

1. D Certified copies of the priority documents have been received. 

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
THIS THREE-MONTH PERIOD IS NOT EXTENDABLE. 

4. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF 

INFORMAL PATENT APPLICATION (PTO-152) which gives reason(s) why the oath or declaration is deficient. 

5. □ CORRECTED DRAWINGS ( as "replacement sheets") must be submitted. 

(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review ( PTO-948) attached 

1 ) □ hereto or 2) □ to Paper No./Mail Date . 

(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of 

Paper No./Mail Date . 

Identifying indicia such as the application number (see 37 CFR 1.84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 

6. □ DEPOSIT OF and/or INFORMATION about the deposit of BIOLOGICAL MATERIAL must be submitted. Note the 

attached Examiner's comment regarding REQUIREMENT FOR THE DEPOSIT OF BIOLOGICAL MATERIAL. 



Attachment(s) 

1 . M Notice of References Cited (PTO-892) 

2. □ Notice of Draftperson's Patent Drawing Review (PTO-948) 

3. □ Information Disclosure Statements (PTO/SB/08), 

Paper No./Mail Date 

4. □ Examiner's Comment Regarding Requirement for Deposit 

of Biological Material 



5. Q Notice of Informal Patent Application 

6. □ Interview Summary (PTO-413), 

Paper No./Mail Date . 

7. O Examiner's Amendment/Comment 

8. ^ Examiner's Statement of Reasons for Allowance 

9. □ Other . 
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Reasons for Allowance 

1 . The following is an examiner's statement of reasons for allowance: listed below: 
Any comments considered necessary by applicant must be submitted no later than the 

payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance." 

2. Claims 1-75 are allowable. 

3. Prior art fails to disclose or suggest, "wherein the change from the self address to the 
new address triggers an Internet Security Association and Key Management Protocol (ISAKMP) 
element to evaluate a SA table to determine selected SAs in a security parameter Index (SPI) list 
that are bound to the self address, and wherein the SPI list is provided in an outgoing IP 
address update message to the second end machine", and example of prior art that fails to 
disclose or suggest these limitations is Bahl. Bahl discloses providing mobility support for a 
mobile host that is agent- free and maintains session continuity during address changes in a way 
that is transparent to applications on the communicating hosts (i.e., the mobile and correspondent 
hosts). When the mobile host (MH) changes its address while communicating over a connection 
with a correspondent host (CH), the old address is deprecated. Bahl discloses a mobility service 
of the mobile host then sends an address change notification message over a secured control 
channel to the correspondent host. Bahl discloses upon receiving the address change notification 
message, a mobile service of the correspondent host returns an acknowledgment over the control 
channel and modifies the security filters and transport control parameters corresponding to the 
connection with the mobile host to use the new address of the mobile host. Bahl discloses the 
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address change message and the acknowledgment are delivered through a tunnel set up for the 
control channel based on the new and old addresses of the mobile host. Bahl discloses after 
receiving the acknowledgment, the mobile service of the mobile host modifies the security filters 
and transport control parameters for the connection with the correspondent host to use the new 
mobile host address. As a result, the connection between the mobile host and the correspondent 
host has "migrated" to the new mobile host address, and all subsequent traffic between the 
mobile host and the correspondent host is sent over the migrated connection and secured by the 
same security associations used prior to the migration. In this way, the continuity of network 
communication sessions between an application on the mobile host and another application on 
the correspondent host over the connection is maintained. The migration of the connection 
between the mobile and correspondent hosts to the new mobile host address is performed without 
the assistance of an agent and is done seamlessly and transparently to the applications 
communicating over the connection. Bahl fails to disclose or suggest, "wherein the change from 
the self address to the new address triggers an Internet Security Association and Key 
Management Protocol (ISAKMP) element to evaluate a SA table to determine selected SAs in a 
security parameter Index (SPI) list that are bound to the self address, and wherein the SPI list is 
provided in an outgoing IP address update message to the second end machine". 

4. Prior art fails to disclose or suggest, "wherein the change from the self address to the 
new address triggers an Internet Security Association and Key Management Protocol (ISAKMP) 
element to evaluate a SA table to determine selected SAs in a security parameter Index (SPI) list 
that are bound to the self address, and wherein the SPI list is provided in an outgoing IP 
address update message to the second end machine", and example of prior art that fails to 
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disclose or suggest these limitations is Kroselberg. Kroselberg discloses a security parameter 
index is contained in the message for each security association contained in the list. Kroselberg 
discloses each security parameter index is assigned to a security association contained in the list. 
Kroselberg discloses that the security association is used for determining cryptographic 
parameters which are used in a cryptographically protected communication link between the first 
computer and the second computer to be set up using the security association. Kroselberg 
discloses one security parameter index can be used for a number of security associations, and 
discloses the security parameter index is clearly a pointer to the data structure which describes 
the security association. However, Kroselberg fails to disclose or suggest, "wherein the change 
from the self address to the new address triggers an Internet Security Association and Key 
Management Protocol (ISAKMP) element to evaluate a SA table to determine selected SAs in a 
security parameter Index (SPI) list that are bound to the self address, and wherein the SPI list is 
provided in an outgoing IP address update message to the second end machine". 

5. Prior art fails to disclose or suggest, "wherein the change from the self address to the 
new address triggers an Internet Security Association and Key Management Protocol (ISAKMP) 
element to evaluate a SA table to determine selected SAs in a security parameter Index (SPI) list 
that are bound to the self address, and wherein the SPI list is provided in an outgoing IP 
address update message to the second end machine", and example of prior art that fails to 
disclose or suggest these limitations is Ahonen. Ahonen discloses negotiated SAs are held at the 
firewall in a Security Association Database (SAD) and at the end of the negotiation process the 
firewall transfers the SAD from the intranet side interface to the external side interface of the 
IPsec protocol stack. This makes it possible for the mobile host to make use of the pre-created 
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IKE phase 1 and phase 2 SAs from outside of the intranet. Ahonen discloses the mobile host 
will send a specific formatted authorization certificate to the firewall (if outside the intranet, a 
temporary secured IPsec channel could be established for this certificate transfer. Ahonen 
discloses this certificate includes at least a formatted list of identities of the phase 2 SAs that 
were pre-created during the Quick Mode between the mobile host and the correspondent host. 
Ahonen discloses the information about each SA in the list could consist of: the Source and 
Destination IP addresses, the ISAKMP Cookies of the mobile host and the correspondent host 
(under which the phase 2 negotiation was done), the IPsec protocol ID (AH, ESP), the SPI 
number of the particular phase 2 SA (incoming and outgoing separated). Ahonen discloses if the 
source IP address was changed, the firewall will also forward the new Source and Destination IP 
addresses to the correspondent host, which identifies the appropriate SA via ISAKMP Cookies, 
IPsec protocol ID, and SPI number, which are also attached to the message. Ahonen discloses 
now the correspondent host can modify its SAD database to correctly reflect the change of the 
mobile host's IP address to the new valid one. Ahonen fails to disclose or suggest, "wherein the 
change from the self address to the new address triggers an Internet Security Association and 
Key Management Protocol (ISAKMP) element to evaluate a SA table to determine selected SAs 
in a security parameter Index (SPI) list that are bound to the self address, and wherein the SPI list 
is provided in an outgoing IP address update message to the second end machine". 

6 . Prior art fails to disclose or suggest, "wherein the change from the self address to the 

new address triggers an Internet Security Association and Key Management Protocol (ISAKMP) 
element to evaluate a SA table to determine selected SAs in a security parameter Index (SPI) list 
that are bound to the self address, and wherein the SPI list is provided in an outgoing IP 
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address update message to the second end machine", and example of prior art that fails to 
disclose or suggest these limitations is the Non-patent literature of RFC 3344. RFC 3344 teaches 
a security parameter index is a security context between a pair of nodes among the contexts 
available in the mobility security association. RFC 3344 teaches, when away from home, 
Mobile IP uses protocol tunneling to hide a mobile node's home address from intervening routers 
between its home network and its current location. The tunnel terminates at the mobile node's 
care-of address. The care-of address must be an address to which datagrams can be delivered via 
conventional IP routing. At the care-of address, the original datagram is removed from the 
tunnel and delivered to the mobile node. RFC 3344 fails to teach or suggest, "wherein the 
change from the self address to the new address triggers an Internet Security Association and 
Key Management Protocol (ISAKMP) element to evaluate a SA table to determine selected SAs 
in a security parameter Index (SPI) list that are bound to the self address, and wherein the SPI list 
is provided in an outgoing IP address update message to the second end machine". 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JENISE E. JACKSON whose telephone number is (571)272- 
3791 . The examiner can normally be reached on Increased Flex time, but generally in the office 
M-Fri(8-4:30).. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Edan Orgad can be reached on (571) 272-7884. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

October 8, 2010 
/J. E. J./ 

Examiner, Art Unit 2439 



/Edan Orgad/ 

Supervisory Patent Examiner, Art Unit 2439 



